[This was originally published on OSVDB, now gone. VulnDB 24235, 24236, 24237, 24238]
- Ticket has been submitted. The ticket number is SCR00994.
While looking at some of your scripts, I noticed there are a few security issues:
UPOINT @1 Event Publisher
eventpublisher_admin.htm does not validate input to the Event, Description, Time, Website, and Public Remarks fields. This can be used for cross-site scripting (XSS) attacks.
eventpublisher_usersubmit.htm does not validate input to the Event, Description, Time, Website, and Public Remarks fields. This can be used for cross-site scripting (XSS) attacks.
A direct request to eventpublisher.txt will reveal the contents of private comments.
—
UPOINT @1 Table Publisher
tablepublisher.cgi does not validate input to the Title of Table field, which can be used for XSS attacks.
Thanks
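
The following is an added example, not part of the original report and not the vendor's code. It shows one way to encode the five Event Publisher fields named above when they are written into a page, in Python. The record layout, the length limit, the function names and the treatment of Website as a link restricted to http(s) are assumptions.

```python
import html
from urllib.parse import urlsplit

# Field names are the ones listed in the report; the record layout is assumed.
FIELDS = ("Event", "Description", "Time", "Website", "Public Remarks")
MAX_LEN = 500  # assumed per-field length limit


def safe_url(value):
    """Return the URL only if it is an absolute http(s) URL, else ''."""
    value = value.strip()
    try:
        parts = urlsplit(value)
    except ValueError:  # malformed input such as an unterminated IPv6 host
        return ""
    if parts.scheme.lower() in ("http", "https") and parts.netloc:
        return value
    return ""


def render_event(record):
    """Render one submitted event as an HTML table with every field encoded."""
    rows = []
    for name in FIELDS:
        value = str(record.get(name, ""))[:MAX_LEN]
        if name == "Website":
            # Scheme allowlist first, then attribute-safe encoding.
            url = html.escape(safe_url(value), quote=True)
            cell = '<a href="{0}" rel="noopener">{0}</a>'.format(url) if url else ""
        else:
            cell = html.escape(value, quote=True)
        rows.append("<tr><th>{}</th><td>{}</td></tr>".format(html.escape(name), cell))
    return "<table>\n" + "\n".join(rows) + "\n</table>"


# Constructed sample submission: markup in text fields, non-http scheme in Website.
SAMPLE = {
    "Event": "<b>Launch</b>",
    "Description": 'a "quoted" note',
    "Time": "10:00",
    "Website": "javascript:void(0)",
    "Public Remarks": "see https://example.org/events",
}

if __name__ == "__main__":
    print(render_event(SAMPLE))
```

Encoding at output time covers both the admin and the user-submit forms, since both feed the same rendered fields.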